CVE List - 2024 / May
Showing 2001 - 2100 of 4997 CVEs for May 2024 (Page 21 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-4684 | 2024-05-09 | Campcodes Complete Web-Based School Management System exam_timetable_grade_wise.php cross site scripting |
| CVE-2022-32504 | 2024-05-09 | An issue was discovered on certain Nuki Home Solutions devices.... |
| CVE-2022-32502 | 2024-05-09 | An issue was discovered on certain Nuki Home Solutions devices.... |
| CVE-2022-32507 | 2024-05-09 | An issue was discovered on certain Nuki Home Solutions devices.... |
| CVE-2022-32503 | 2024-05-09 | An issue was discovered on certain Nuki Home Solutions devices.... |
| CVE-2022-32510 | 2024-05-09 | An issue was discovered on certain Nuki Home Solutions devices.... |
| CVE-2022-32506 | 2024-05-09 | An issue was discovered on certain Nuki Home Solutions devices.... |
| CVE-2022-32508 | 2024-05-09 | An issue was discovered on certain Nuki Home Solutions devices.... |
| CVE-2022-32505 | 2024-05-09 | An issue was discovered on certain Nuki Home Solutions devices.... |
| CVE-2024-4685 | 2024-05-09 | Campcodes Complete Web-Based School Management System exam_timetable.php cross site scripting |
| CVE-2024-3989 | 2024-05-09 | HT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Justify |
| CVE-2024-4605 | 2024-05-09 | Breakdance <= 1.7.1 - Authenticated (Contributor+) Remote Code Execution |
| CVE-2024-3068 | 2024-05-09 | Custom Field Suite <= 2.6.5 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2024-4107 | 2024-05-09 | Elementor Website Builder Pro <= 3.21.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2024-3954 | 2024-05-09 | Ditty – Responsive News Tickers, Sliders, and Lists <= 3.1.38 - Authenticated (Contributor+) PHP Object Injection |
| CVE-2024-1693 | 2024-05-09 | SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update |
| CVE-2024-4150 | 2024-05-09 | Simple Basic Contact Form <= 20221201 - Reflected Cross-Site Scripting |
| CVE-2024-4158 | 2024-05-09 | Blocksy <= 2.0.42 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2023-6327 | 2024-05-09 | ShopLentor (formerly WooLentor) <= 2.8.7 - Missing Authorization via purchased_new_products |
| CVE-2024-3680 | 2024-05-09 | Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animation Title widget img tag |
| CVE-2024-4316 | 2024-05-09 | EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2024-3974 | 2024-05-09 | BuddyPress <= 12.4.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-4386 | 2024-05-09 | Gallery Block (Meow Gallery) <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-3807 | 2024-05-09 | Porto <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta |
| CVE-2024-1166 | 2024-05-09 | Image Hover Effects - Elementor Addon <= 1.4.1 - Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget |
| CVE-2024-1229 | 2024-05-09 | SimpleShop <= 2.10.2 - Missing Authorization |
| CVE-2024-4041 | 2024-05-09 | Yoast SEO <= 22.5 - Reflected Cross-Site Scripting |
| CVE-2024-3952 | 2024-05-09 | Advanced Ads – Ad Manager & AdSense <= 1.52.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Ad Widget |
| CVE-2024-4383 | 2024-05-09 | Simple Membership <= 4.4.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-3916 | 2024-05-09 | Swift Framework <= 2.7.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes |
| CVE-2024-4312 | 2024-05-09 | Soccer Engine – Soccer Plugin for WordPress <= 1.12 - Cross-Site Request Forgery |
| CVE-2024-3722 | 2024-05-09 | Swift Performance Lite <= 2.3.6.18 - Incorrect Authorization to Authenticated (Subscriber+) Settings Modification |
| CVE-2024-3595 | 2024-05-09 | Pure Chat – Live Chat Plugin & More! <= 2.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-3831 | 2024-05-09 | Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading widget |
| CVE-2024-4446 | 2024-05-09 | Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter |
| CVE-2024-4314 | 2024-05-09 | hostel <= 1.1.5.3 - Cross-Site Request Forgery |
| CVE-2024-4339 | 2024-05-09 | Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4411 | 2024-05-09 | Mihdan: Yandex Turbo Feed <= 1.6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-2923 | 2024-05-09 | Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) <= 1.1.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Effect Widget |
| CVE-2024-3915 | 2024-05-09 | Swift Framework <= 2.7.31 - Missing Authorization to Unauthenticated Arbitrary Content Update |
| CVE-2024-4441 | 2024-05-09 | XML Sitemap & Google News <= 5.4.8 - Unauthenticated Local File Inclusion |
| CVE-2024-4103 | 2024-05-09 | ADFO – Custom data in admin dashboard <= 1.9.0 - Cross-Site Request Forgery |
| CVE-2024-4335 | 2024-05-09 | Rank Math SEO with AI Best SEO Tools <= 1.0.217 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-1230 | 2024-05-09 | SimpleShop <= 2.10.0 - Cross-Site Request Forgery |
| CVE-2024-3806 | 2024-05-09 | Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts |
| CVE-2024-3990 | 2024-05-09 | HT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip & Popover Widget |
| CVE-2024-3923 | 2024-05-09 | Beaver Builder – WordPress Page Builder <= 2.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-2846 | 2024-05-09 | Visual Footer Credit Remover <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2024-0445 | 2024-05-09 | The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-3070 | 2024-05-09 | Last Viewed Posts by WPBeginner <= 1.0.0 - Unauthenticated PHP Object Injection |
| CVE-2024-4082 | 2024-05-09 | Joli FAQ SEO – WordPress FAQ Plugin <= 1.3.2 - Cross-Site Request Forgery |
| CVE-2024-4567 | 2024-05-09 | Themify Shortcodes <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via themify_button Shortcode |
| CVE-2024-4193 | 2024-05-09 | Testimonial Slider <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4463 | 2024-05-09 | Squelch Tabs and Accordions Shortcodes <= 0.4.7 - Cross-Site Request Forgery |
| CVE-2024-1467 | 2024-05-09 | Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.1.6 - Authenticated (Contributor+) Server-Side Request Forgery |
| CVE-2024-2785 | 2024-05-09 | The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate |
| CVE-2024-4038 | 2024-05-09 | Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro <= 5.3.1 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2024-4104 | 2024-05-09 | ADFO – Custom data in admin dashboard <= 1.9.0 - Reflected Cross-Site Scripting |
| CVE-2024-4397 | 2024-05-09 | LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File Upload |
| CVE-2024-3809 | 2024-05-09 | Porto Theme - Functionality <= 3.0.9 - Authenticated (Contributor+) Local File Inclusion via Post Meta |
| CVE-2024-2290 | 2024-05-09 | Advanced Ads – Ad Manager & AdSense <= 1.52.1 - Authenticated (Admin+) PHP Object Injection |
| CVE-2024-3808 | 2024-05-09 | Porto Theme - Functionality <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode |
| CVE-2024-4686 | 2024-05-09 | Campcodes Complete Web-Based School Management System emarks_range_grade_update_form.php cross site scripting |
| CVE-2024-32985 | 2024-05-09 | Stellar-core's Overlay - security fix for DDoS mitigation |
| CVE-2024-4687 | 2024-05-09 | Campcodes Complete Web-Based School Management System create_events.php cross site scripting |
| CVE-2024-4688 | 2024-05-09 | Campcodes Complete Web-Based School Management System conversation_history_admin.php cross site scripting |
| CVE-2024-0087 | 2024-05-09 | CVE |
| CVE-2024-0100 | 2024-05-09 | CVE |
| CVE-2024-0088 | 2024-05-09 | CVE |
| CVE-2024-0096 | 2024-05-09 | CVE |
| CVE-2024-0097 | 2024-05-09 | CVE |
| CVE-2024-0098 | 2024-05-09 | CVE |
| CVE-2024-4671 | 2024-05-09 | Use after free in Visuals in Google Chrome prior to... |
| CVE-2024-30802 | 2024-05-10 | An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker... |
| CVE-2024-4699 | 2024-05-10 | D-Link DAR-8000-10 importhtml.php deserialization |
| CVE-2024-4280 | 2024-05-10 | White Label CMS <= 2.7.3 - Missing Authorization to Plugin Settings Reset |
| CVE-2024-2441 | 2024-05-10 | VikBooking < 1.6.8 - Insecure Direct Object References |
| CVE-2024-2749 | 2024-05-10 | VikBooking < 1.6.8 - Broken Access Control |
| CVE-2024-3940 | 2024-05-10 | reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF |
| CVE-2024-3941 | 2024-05-10 | reCAPTCHA Jetpack <= 0.2.2 - Stored XSS via CSRF |
| CVE-2024-4481 | 2024-05-10 | Gutenberg Blocks with AI by Kadence WP <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Link |
| CVE-2024-3828 | 2024-05-10 | Spectra Pro <= 1.1.5 - Authenticated (Author+) Privilege Escalation |
| CVE-2024-4129 | 2024-05-10 | Authentication bypass in Snow License Manager |
| CVE-2024-4448 | 2024-05-10 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' |
| CVE-2024-4449 | 2024-05-10 | Essential Addons for Elementor <= 5.9.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Several Widgets |
| CVE-2024-2662 | 2024-05-10 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Admin+) Command Injection |
| CVE-2024-4275 | 2024-05-10 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Interactive Circles' |
| CVE-2024-4398 | 2024-05-10 | HTML5 Audio Player- Best WordPress Audio Player Plugin <= 2.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2024-3547 | 2024-05-10 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Reflected Cross-Site Scripting |
| CVE-2024-34828 | 2024-05-10 | WordPress Church Admin plugin <= 4.1.32 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34827 | 2024-05-10 | WordPress Translate Multilingual sites – TranslatePress plugin <= 2.7.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34825 | 2024-05-10 | WordPress Social Warfare plugin <= 4.4.5.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34823 | 2024-05-10 | WordPress Arigato Autoresponder and Newsletter plugin <= 2.7.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-4689 | 2024-05-10 | WordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-4434 | 2024-05-10 | LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection |
| CVE-2024-3956 | 2024-05-10 | Pods – Custom Content Types and Fields <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL |
| CVE-2024-4444 | 2024-05-10 | LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration |
| CVE-2024-31113 | 2024-05-10 | WordPress Easy Digital Downloads plugin <= 3.2.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34817 | 2024-05-10 | WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-34816 | 2024-05-10 | WordPress WPCal.io plugin <= 0.9.5.8 - Cross Site Request Forgery (CSRF) vulnerability |